🔐 CVE Alert

CVE-2023-7335

UNKNOWN 0.0

EduSoho < 22.4.7 Arbitrary File Read via classroom-course-statistics

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem, including application configuration files such as config/parameters.yml that may contain secrets and database credentials. Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-19 (UTC).

CWE CWE-22
Vendor hangzhou kuozhi network technology co., ltd.
Product edusoho
Published Jan 22, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for hangzhou kuozhi network technology co., ltd. edusoho

Be the first to know when new unknown vulnerabilities affecting hangzhou kuozhi network technology co., ltd. edusoho are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Hangzhou Kuozhi Network Technology Co., Ltd. / EduSoho
0 < 22.4.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗
edusoho.com: https://www.edusoho.com/ github.com: https://github.com/edusoho/edusoho/releases/tag/v22.4.7 cn-sec.com: https://cn-sec.com/archives/2451582.html blog.csdn.net: https://blog.csdn.net/qq_41904294/article/details/135007351 github.com: https://github.com/zeroChen00/exp-poc/blob/main/EduSoho%E6%95%99%E5%9F%B9%E7%B3%BB%E7%BB%9Fclassropm-course-statistics%E5%AD%98%E5%9C%A8%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md github.com: https://github.com/gobysec/GobyVuls/blob/master/CNVD-2023-03903.md cnvd.org.cn: https://www.cnvd.org.cn/flaw/show/CNVD-2023-03903 vulncheck.com: https://www.vulncheck.com/advisories/edusoho-arbitrary-file-read-via-classroom-course-statistics